Cybersecurity professionals have their own must-read literature. In this article, we have collected five books that belong at the top of the list or within reach as desk references. All of the titles on the list are best suited to practitioners who already have a base of core knowledge.
1. Malware Analyst’s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Authors: Michael Ligh, Steven Adair, Blake Hartstein, Matthew Richard
This iconic American publication covers computer forensics, incident analysis techniques, and a host of solutions for problems involving viruses, Trojan horses, worms, spyware, rootkits, adware, and other invasive software. The book is written by experts and will improve your analytical skills as well as prompt new solutions. The publication describes:
- Malware classification;
- Learning how to analyze malware dynamically;
- Decoding and decryption;
- Memory analysis;
- Malware research methods using open-source tools.
The manual provides source code in C, Python, and Perl, which will expand the specialist’s toolkit. Malware Analyst’s Cookbook will help you organize your work with honeypots and conduct computer forensics. It is a kind of “hodgepodge” that will come in handy in many work situations.
2. The IDA Pro Book
Author: Chris Eagle
The experts at ISSP Labs, who work behind the scenes on the ongoing process of reverse-engineering and investigating cyberattacks, say, “No source code? Not a problem.”
With IDA Pro’s interactive disassembler, you can automatically analyze the millions of operation codes that make up an executable file. But at this point, your work is just beginning. With the IDA Pro book, you’ll learn how to turn this mountain of mnemonics into something you can use. The book contains detailed descriptions of how to work with the IDA Pro interactive disassembler, code examples, and examples of scripts for working with different data.
This book will be helpful for anyone studying reverse engineering and binary code analysis.
3. Practical Malware Analysis: A Hands-On Guide to Dissecting Malicious Software
Author: Michael Sikorski
Code stuffed with traps and anti-debugging tricks won’t scare you anymore. Practical Malware Analysis is an example of how collecting a mass of detailed information into several hundred pages can turn a book into a weapon against cybercriminals.
From Practical Malware Analysis, you will learn how to:
• Set up a secure virtual environment for malware analysis;
• Quickly retrieve network signatures and indicators of compromise;
• Use analysis tools (IDA Pro, OllyDbg, and WinDbg);
• Successfully bypass traps and tricks such as obfuscation, anti-disassembly, anti-debugging, and virtual machine techniques;
• Use your new knowledge of Windows internals to analyze malware;
• Develop a methodology for unpacking malware;
• Investigate exceptional cases of malware with shellcode, C++, and 64-bit code.
There are a lot of technical tasks inside – they will help you practice and deconstruct actual malware. The lessons are packed with detailed examples from professionals in the field.
4. Threat Modeling: Designing for Security
Author: Adam Shostack
Adam Shostack is an expert in threat modeling. He has long worked at Microsoft, where he was involved in modeling their lifecycle. Shostack distilled this experience into a book that deserves desk-reference status for the security professional.
Beginning with simple answers to basic questions, Shostack offers personally tested techniques, software tools, and tricks to help build an adequate threat model for any abstract object. The book covers aspects that will help application developers, IT system architects, and security professionals.
The irony with which the author calls out the pitfalls that security professionals keep falling into when modeling threats adds to the book’s informal tone and its sense of belonging to the world of cybersecurity.
5. Cryptonomicon
Author: Neal Stephenson
Let’s lighten a serious list of technical works with a fiction book. Let’s talk about the legendary Cryptonomicon. Even if they haven’t read it, technical or near-technical people have at least heard of it. For many, it “all began” with an acquaintance with “Cryptonomicon.” This is almost the only work of fiction built around the theme of information security.
If you’ve decided to write a paper about cybersecurity or any other IT science, you’re sure to find inspiration in this book. “Cryptonomicon,” which has become a model of cyberpunk, harkens back to the reality of today and, at the same time, looks into the past, reproducing the evolution of technical thought in society.
Almost 20 years ago, when the book came off the press and into the hands of its first readers, it seemed that the author was radiating exaggerated optimism about the impact of technology and the internet, painting a romantic picture. But reality has surpassed the most fantastic predictions. Technology has moved on, and people have hardly changed. “Cryptonomicon” is also a source of allegorical interpretations of the basics of cryptography and the basic principles of computing.